It made the rounds in the press years ago. Here’s a first person account for ipsec, which was one of the first hits I found when looking for information about the SSL weakening:
It’s describing the same tactics, but a different protocol. Honestly, just crack open the SSL spec. In hindsight, it’s pretty obvious it was intentionally over-complicated.
The Wireguard protocol attempts to fix these issues by hardcoding everything behind a protocol version number. It’s vastly easier to implement and configure properly.
https://www.mail-archive.com/cryptography@metzdowd.com/msg12...
It’s describing the same tactics, but a different protocol. Honestly, just crack open the SSL spec. In hindsight, it’s pretty obvious it was intentionally over-complicated.
The Wireguard protocol attempts to fix these issues by hardcoding everything behind a protocol version number. It’s vastly easier to implement and configure properly.